← Back to Home
🛡️
DATA PRIVACY & PROTECTION
Your privacy is important to us
4.1 Legal Compliance
TaxPaddy complies with:
- Nigeria Data Protection Regulation (NDPR) 2019
- Cybercrimes (Prohibition, Prevention, etc.) Act 2015
- Nigerian Communications Act 2003
- Central Bank of Nigeria (CBN) Guidelines on Electronic Banking
- Federal Competition and Consumer Protection Act 2018
4.2 Data We Collect
4.2.1 Personal Information
- Full name
- Email address
- Phone number
- Financial data (income, expenses, tax information)
- Employment information
- Bank account details (if provided)
- Device information and IP address
- Login history and device fingerprints
4.2.2 Automatically Collected Data
- Device type, operating system, and version
- App usage analytics
- IP address and location data (city/state level)
- Session duration and interaction patterns
- Error logs and crash reports
4.3 How We Use Your Data
We use your data to:
- Provide, maintain, and improve the App
- Process your financial tracking and tax calculations
- Send important notifications about your account
- Verify your identity and prevent fraud
- Comply with legal obligations
- Respond to customer support requests
- Conduct security monitoring and threat detection
4.4 Data Storage and Security
🔒 Security Measures
We implement industry-standard security measures:
- End-to-end encryption (TLS 1.3)
- Encrypted data storage (AES-256)
- Multi-Factor Authentication (MFA)
- Regular security audits
- Device fingerprinting
- Rate limiting to prevent attacks
- Session timeout after 15 minutes
- Password hashing using bcrypt
Data Location
Your data is stored on secure cloud servers provided by Supabase, which maintains data centers
compliant with international security standards.
Data Retention
We retain your data for as long as your account is active or as needed to provide services:
- 90 days: Personal and financial data (for account recovery)
- 7 years: Tax-related records (as required by Nigerian tax law)
- Indefinitely: Anonymized analytics data
4.5 Data Sharing and Disclosure
❌ WE DO NOT SELL YOUR DATA
We will never sell, rent, or trade your personal information to third parties for marketing purposes.
Limited Sharing
We may share your data with:
- Service Providers: Cloud hosting (Supabase), analytics, and security services under strict
confidentiality agreements
- Legal Authorities: When required by Nigerian law, court order, or government request
- Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to users)
4.6 Your Data Rights (NDPR Compliance)
Under the Nigeria Data Protection Regulation, you have the right to:
- ✓ Access: Request a copy of all personal data we hold about you
- ✓ Correction: Update or correct inaccurate personal information
- ✓ Deletion (Right to be Forgotten): Request deletion of your personal data, subject to legal
retention requirements
- ✓ Portability: Receive your data in a structured, machine-readable format (CSV/Excel export)
- ✓ Objection: Object to processing of your data for specific purposes
- ✓ Withdrawal of Consent: Withdraw consent for data processing at any time
Exercise Your Rights
To exercise these rights, contact us at:
info@koeta.io
We will respond within 30 days as required by NDPR.
4.7 Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify you within 72 hours of discovering the breach (NDPR requirement)
- Report the breach to the Nigeria Data Protection Bureau (NDPB)
- Provide details of the breach and steps taken to mitigate harm
- Offer guidance on protective measures you can take
4.8 Children's Privacy
TaxPaddy is not intended for users under 18 years of age. We do not knowingly collect data from children.
If we discover we have collected data from a minor, we will delete it immediately.